Blockchain & Cryptocurrency Glossary

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • search-icon Clear Definitions
  • search-icon Practical
  • search-icon Technical
  • search-icon Related Terms

Key Derivation Function

1 min read
Pronunciation
[kee der-uh-vey-shuhn fuhngk-shuhn]
Analogy
Imagine you have one master key (a password or a main secret). A Key Derivation Function is like a sophisticated machine that takes this master key and, through a complex and lengthy process (often involving mixing it with other non-secret ingredients like a salt), produces one or more new, stronger, and purpose-specific keys. It's like turning a simple password into a set of highly secure cryptographic keys.
Definition
A cryptographic algorithm that derives one or more secret keys from a master key or a password using a pseudorandom function. KDFs are often used to stretch keys, making them more resistant to brute-force attacks, or to generate multiple keys from a single source.
Key Points Intro
KDFs transform input secrets into cryptographically suitable keys.
Key Points

Derives cryptographic keys from a secret value (e.g., password, master key).

Often incorporates a salt to protect against precomputation attacks (e.g., rainbow tables).

Can be designed to be computationally intensive (key stretching) to slow down brute-force attacks on the input secret.

Used in password storage, disk encryption, and generating keys for various cryptographic protocols.

Example
When you set a password for an encrypted file archive, a KDF like PBKDF2 or Scrypt is used to take your relatively weak password, combine it with a random salt, and perform thousands of computations to derive a strong cryptographic key that is then used to encrypt the file.
Technical Deep Dive
KDFs are typically built from cryptographic primitives like hash functions (e.g., HMAC) or block ciphers. An important property of many KDFs, especially those used for passwords, is 'key stretching' or 'work factor'. This means they are deliberately slow, requiring significant computational effort to produce the derived key. If an attacker tries to guess passwords, they must perform this computationally expensive KDF operation for each guess, making brute-force attacks much slower and less feasible. Parameters like the iteration count (for PBKDF2, Scrypt) or memory usage (for Scrypt, Argon2) control this work factor.
Security Warning
The security of a KDF depends on the strength of the input secret, the choice of KDF algorithm, its parameters (like iteration count and salt), and the underlying cryptographic primitives. Using a weak password with even a strong KDF will result in a weak derived key.
Related Terms
KDF
Scrypt
Cryptography
Hashing
Salt

Key Derivation Function - Related Articles

No related articles for this term.